Backport #229

CGI::Cookies can "get out of sync"

Added by NoKarma (Arthur Schreiber) almost 4 years ago. Updated about 1 year ago.

[ruby-core:17634]
Status:Closed Start date:07/07/2008
Priority:Normal Due date:
Assignee:wyhaines (Kirk Haines) % Done:

100%
Category:-
Target version:-

Description

CGI::Cookies are an instance of a DelegateClass of their @value instance variable,
which is always an Array. But changing a Cookie's value using the #value= instance
method of CGI::Cookie causes the Cookie to "get out of sync":


require "cgi"

cookie = CGI::Cookie.new("my-cookie", "first value", "second value")
cookie.value # => ["first value", "second value"]

cookie[0] # => "first value"
cookie[1] # => "second value"
cookie[2] = "new value"

cookie.each do |val|
  val # => "first value", "second value", "new value"
end

cookie.inspect # => "[\"first value\", \"second value\", \"new value\"]"
cookie.to_s # => "my-cookie=first+value&second+value&new+value; path="


cookie = CGI::Cookie.new("my-cookie", "first value", "second value")
cookie.value # => ["first value", "second value"]

# This makes the cookie get out of sync
cookie.value = [ "test" ]

cookie[0] # => "first value"
cookie[1] # => "second value"
cookie[2] = "new value"

cookie.each do |val|
  val # => "first value", "second value", "new value"
end

cookie.inspect # => "[\"first value\", \"second value\", \"new value\"]"
cookie.to_s # => "my-cookie=test; path="


The attached patch fixes this issue.

cgi_cookie.patch (1005 Bytes) NoKarma (Arthur Schreiber), 07/07/2008 07:37 am

Related issues

related to ruby-trunk - Feature #502: CGI::CookieをdelegateからArrayの継承へ変更 Closed 08/27/2008

Associated revisions

Revision 24913
Added by marcandre over 2 years ago

* lib/cgi/cookie.rb (value=): Keep CGI::Cookie#value in sync with the cookie itself. A patch by Arthur Schreiber [ruby-core:17634]

Revision 27932
Added by wyhaines about 2 years ago

lib/cgi.rb: Backport #229 [ruby-core:17634]; CGI::Cookie objects can get out of sync when CGI::Cookie#value= is used to assign a new value. Also, if a nil value ends up in the array of values for the cookie, CGI::Cookie#to_s would blow up on a gsub error when it tried to CGI::escape the nil value. This is fixed so that nils are treated as empty strings.

History

#1
Updated by shyouhei (Shyouhei Urabe) over 3 years ago

  • Assignee set to xibbar (Takeyuki Fujioka)

#2
Updated by marcandre (Marc-Andre Lafortune) over 2 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100
Applied in changeset r24913.

#3
Updated by marcandre (Marc-Andre Lafortune) over 2 years ago

Notes: the problem was even more acute in Ruby 1.9, since Cookie is no longer a Delegate (ref: issue #502), e.g. cookie.value.unshift("something"). Rubyspecs have been updated for this kind of check.

Patch was applied as is in Ruby 1.8 and modified for Ruby 1.9 to account for the fact that Cookie is an Array.

#4
Updated by shyouhei (Shyouhei Urabe) over 2 years ago

  • Status changed from Closed to Assigned
  • Assignee changed from xibbar (Takeyuki Fujioka) to wyhaines (Kirk Haines)
1.8.6 also has this issue.

#5
Updated by wyhaines (Kirk Haines) about 2 years ago

  • Status changed from Assigned to Closed
This issue was solved with changeset r27932.
Arthur, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

Also available in: Atom PDF